Thank you for the suggestion, as it fixed the issue. Really appreciate the help. Best Regards. From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Scheidler, Balázs Sent: Thursday, December 08, 2016 12:01 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] TimeStamps Keep-timestamp only affects the time and not the formatting. Syslog-ng can format your timestanp in a number of ways, your example seems ti indicate that you are using the syslog() destination, which uses rfc5424 formatting wheras you might want the tcp() driver which uses the legacy rfc3164. The latter uses the format you want, although that does not include year information. On Dec 7, 2016 22:49, "David Campeau" <David.Campeau@tn.gov<mailto:David.Campeau@tn.gov>> wrote: Hello, Using a syslog-ng sever to filter syslogs before forwarding. I’m being asked to not change the timestamp in the syslog message. I’ve tried the “keep-timestamp(yes);” option in the syslog-ng.conf, but there’s no change in the timestamp. There must be an option I’m missing? Example of the change: Dec 07 15:08:57 <<<< Not filtered by syslog-ng 1 2016-12-07T15:07:32-06:00 <<< Filtering currently with syslog-ng Thank you for looking Best Regards, David ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq